Adobe Best Practices Guide 1

Best Practices Guide for Using Adobe Creative Cloud Video Applications in Microsoft Azure Virtual Machines Version 1.0.1, April 18, 2020

Disclaimers

Adobe’s Creative Cloud Enterprise, Individual or Single App Terms of Use permit the deployment of its Apps in cloud environments on an AS-IS model with no support of guarantee regarding software performance or stability.

Microsoft is working closely with Adobe to provide guidance for Adobe Creative Cloud Enterprise Customers who choose to deploy on Azure Cloud Services.

Adobe Photoshop, Adobe Premiere Pro and Adobe After Effects, including Adobe Media Encoder and After Effects Render Engine are currently being tested in partnership with Adobe and our Cloud teams.

For additional questions, please contact your Adobe Enterprise Account Representative.

Executive Summary This document details how Adobe and Microsoft recommend running video production workloads within virtual machines on Microsoft Azure using desktop virtualization technologies. These workloads require more GPU, CPU, Memory, storage space, and storage IO bandwidth than typical virtual user environments, and are more complex to deploy at scale. As there are many different configurations that work for the various scenarios, the authors have focused on three primary scenarios to provide guidance:

• News & Simple Edits • Full Creative Workflow • Promo Graphics

The guidance will detail deployment methodologies, virtual machine sizing, storage, and hardware device compatibility issues and if followed can provide agility and scalability in scenarios evaluated by Microsoft and Adobe.

Remote vs Cloud Production In the context of this document, ‘remote production’ will be defined as the process of accessing existing infrastructure, including corporate on-premises storage, networking and workstations, from a remote location. In contrast, ‘cloud production’ will be understood to be the process of accessing and using a public or private datacenter for media production. This guide only addresses the functional specifications of running Adobe Premiere Pro, Adobe After Effects, and Adobe Media Encoder in Microsoft’s Azure public cloud environment.

Adobe Best Practices Guide 2

Why is VDI important for the Media and Entertainment industry When looking at the business case of moving workflows to the cloud it's important to review not only the cost but the wider efficiencies and productivity that can be realized. Resources in the cloud, including workstations and storage, are billed based on consumption with rates tailored to their technical specifications, therefore in some applications it is more cost-effective to purchase a local workstation rather than a powerful GPU equipped workstation 24/7 in the cloud. To really understand the benefit that VDI can bring to the Media and Entertainment industry we need to look broader, at the less quantifiable metrics including, but not limited to:

Flexibility/scalability For businesses with unpredictable/episodic workloads, or with a predominantly freelance-based workforce, it is not financially viable to invest in hardware that will only really get fully utilized during peaks in the business calendar/production cycle. Working in the cloud offers an attractive alternative, as it requires minimal upfront investment yet still gives the business a framework to dynamically scale to meet the need for additional high-powered workstations, network and storage, as and when required.

Fostering better cross-team collaboration By moving media workflows to the cloud, businesses get the opportunity to securely store and create media without needing to care any longer about its physical location. When media is stored centrally, it can easily and quickly be distributed to datacenters close to the talent—enabling Advertising Agencies to use the best/most cost-effective local freelance talent, Publishing and News organizations to implement truly round-the clock ‘follow the sun editing ’and Broadcasters to more efficiently work with third parties on a global basis.

Improved, not diminished, security A common (and now outdated) misconception around cloud is that it is somehow less secure than on-premises systems managed by corporate IT. However, this prejudice no longer applies, with cloud now trusted for everything from securing government assets to delivering copyright-protected Hollywood blockbusters; cloud workflows pass even the most stringent security tests set by regulators. In daily practice, that means the cloud allows businesses to know where their media is at all times with greater visibility of who has accessed what and when, than traditional storage and access methods. Coupling cloud-based production with Multi-Factor Authentication (MFA) and integration into Azure Active Directory also creates an environment where all data is maintained within corporate-controlled security boundaries, with IT able to control access to sensitive data in a strict permissions- and policy-based regime.

Insights into actual data usage Another benefit of migrating production to the cloud that might not be immediately apparent; access to usage data that can be extracted from virtual machines and other parts of the cloud infrastructure. Monitoring what your team is doing at a granular level can then be integrated into every level of a cloud stack, allowing operations to collate data, segment and attribute it to users, projects or departments, producing useful insight into working patterns and producing properly data-driven management reporting.

Adobe Best Practices Guide 3

Reduction of your carbon footprint It is no longer acceptable to send an army of creatives to cover international events—not only due to the cost, but also for the environmental impact of burning so much jet fuel when the cloud offers such a compelling location-agnostic alternative. Protocols such as NDI and SRT now also enable production teams to deploy everything from vision mixers, commlinks and graphic overlays in the cloud to editors situated in a central location. Couple this with VDI and cloud editing, and you can cover events with essentially skeleton-level crew deployment.

Guaranteed Business Uptime Traditional Disaster Recovery strategies center around moving whole departments or businesses to new locations in the event of a disaster, something particularly true for media departments that relied on specialist technology to do their job. However, advances in Virtual Desktop Infrastructure (VDI) technology now mean that full video workflows can be located in the cloud. Add in the fact that many businesses are already utilizing low cost cloud storage for on-premises Work In Progress (WIP), storage back-up means cloud-delivered VDI becomes the obvious choice when considering Disaster Recovery options that negate the need to build or rent expensive physical off-site Business Continuity facilities. Now we have reviewed the primary business drivers for cloud-based production, let’s drill down a little further into making this a practical step for your team via the Adobe tool set.

When should VDI be considered? VDI is very well suited to many common media workflows. The business case for moving applications such as animation, motion graphics and VFX to cloud is solid, as all require access to high-performance workstations, and often benefit from the scalable render farms that are readily available in the cloud. Additionally, VDI can work extremely well to support many typical editing scenarios. In this document we have defined the three main candidates for VDI as the following user personas: News/Sports, Creative, and Promo. For each, we have assembled representative programs and tested them in the VDI configurations detailed below so as to verify feature compatibility and acceptable performance. To see if this solution works in your context, we recommend that you find the workflow instantiated in our three models that aligns closest to your own, then start with the tested configuration. Be aware that it is easy to change the RAM, CPU, and GPU configurations we have employed to suit your specific requirements—but don’t forget that since cloud resources are billed by the hour, short-term experiments can potentially end up as quite expensive (for tips on cost management, review Azure guidance here). For example, when using high-scale Virtual Machines (multi-GPU equipped, large memory, ultra-fast storage), shut them down when not actively testing. The good news here is that the proxy workflows in Premiere can allow big savings on storage, network bandwidth, as well as RAM/CPU/GPU requirements. 0F

1

1 See this page for more information on using proxies in Premiere Pro.

Adobe Best Practices Guide 4

When should it not? However, there are workflows where VDI performance is limited, and until virtualization solutions have been further optimized these should still be prioritized for now as best conducted with on-premises solutions. Grading /Finishing Any workflows that require complete frame accuracy, flawless color fidelity and bespoke hardware are always going to be difficult to run in the cloud if they are expected to deliver the quality colorists and specialists demand. Audio workflow At present, it is only possible for the PCoIP protocol to transmit a stereo signal to an endpoint. Therefore, any work that requires the listening and mixing of more than two audio streams is not currently possible using VDI. Additionally, recording voice overs directly to VDI in the cloud is currently not deliverable. Broadcast Monitoring Most review and approval workflows, where an additional broadcast output is required for the client to view, are difficult to accomplish ‘out of the box’ with VDI solutions, especially if the reviewer is in a different location. There are workarounds using NDI or third-party managed service providers but be clear that this often necessitates some configuration, and is not going to give the same quality or technical experience that a broadcast monitor would

Enabling Technology

Teradici Cloud Access Software For high-end video editing in the cloud, the solution of choice is Teradici Cloud Access Plus Software which uses their PC-over-IP (PCoIP) protocol. PCoIP technology uses advanced display compression to deliver a secure, high-definition and highly responsive virtualized computing alternative to a local computer. This architecture reaps the benefits of centralized storage and data collaboration while each virtual workstation compresses, encrypts and transmits only display pixels ensuring a highly secure enterprise environment. PCoIP is renowned for delivering a color-accurate video editing experience to a broad range of software clients, mobile clients, thin clients and stateless PCoIP Zero Clients. In addition to default performance settings, a set of protocol enhancements known as ‘PCoIP Ultra’ offer expanded choices of the most efficient hardware or software codecs according to efficiency objectives. For example, users working at high-resolution monitors (e.g. 4K/UHD) can select PCoIP Ultra CPU enhancements to ensure a highly interactive and high frame rate experience while maintaining color accuracy. Users can also gain CPU relief by offloading encoding functions to the GPU or those operating over highly constrained networks can select the bandwidth efficient chroma sub-sampling mode offered by PCoIP Ultra GPU enhancements. All testing for this guide was performed using Teradici PCoIP under default configuration settings.

Adobe Best Practices Guide 5

Zero client vs Software Client There are three options for establishing a PCoIP session with remote Windows or Linux desktops locally; Software, Zero and Thin Client. Each option is suited to different VDI scenarios: Software Client A software client is an application that acts as a PCoIP end point. Once installed, it allows laptops and workstations to create a secure connection to a Virtual Machine. A software client is perfect for users who would like to access a Virtual Machine on their existing hardware. Zero Client A Zero Client is a small form factor machine with minimal processing powers and no storage. Typically, it only has enough ports to connect a keyboard, mouse, USB peripherals such as a Wacom tablet, monitor and an ethernet cable. Essentially it acts as a gateway to processing power and services available in the cloud. These machines tend to cost around $300 and may be of high interest for organizations who are invested in VDI as a desktop replacement to traditional workstations. If there is no existing infrastructure that can be used to host a software client and the creative users only need base functionality (1080p, 30FPS dual monitor with added security as there is no local computer to copy files to or from), then a Zero Client approach can pay real dividends. More advanced Zero Clients support up to four 4K monitors when used with a compatible protocol. Thin Client To help users in the media and entertainment industry run 4K, 60FPS workflows, Teradici offers PCoIP Ultra, a new protocol that dynamically adapts, encodes and delivers accurate and distortion-free representation regardless of network conditions. However, to run PCoIP Ultra it requires additional processing at the PCoIP endpoint to decode the stream. That means that users who require a 4K, 60FPS local output will need either a thin client such as an Intel NOC or a software client running on a workstation to do the job.

Connection Broker A Connection Broker is a management layer that negotiates the relationship between the cloud provider and the user. In the context of VDI a Connection Broker’s job is to manage the allocation and distribution of Virtual Machines, System Images, protocols and settings across an enterprise environment, whilst ensuring that the cloud environment is securely integrated into the corporate Active Directory for identity management, security and compliance. When managing a handful of instances, it may not necessary to use a Connection Broker, however, when managing multiple users over a number of geographies a Connection Broker is vital for creating a secure and cost-effective VDI environment. When dealing directly with managed service offerings from third parties and cloud providers, the management features of a connection broker are included. For enterprise users who want to manage their own environment, the two main options available are Teradici Cloud Access Manager and the Leostream Connection Broker. Teradici Cloud Access Manager Teradici Cloud Access Manager is a cloud service that simplifies and automates deployments of Cloud Access Software, the leading PCoIP solution for remotely hosted enterprise applications. Cloud Access

Adobe Best Practices Guide 6

Manager enables highly scalable and cost-effective Cloud Access Software deployments by managing cloud compute costs and enabling secure user entitlements by brokering PCoIP connections to remote Windows or Linux desktops and workstations, all from a single console. Use of Cloud Access Manager is included with the Teradici PCoIP license.

The architecture above outlines a virtual workstation deployment in the public cloud. Hybrid deployments incorporating the use of on-premises workstations with Cloud Access Manger are also supported. Refer to the Teradici Cloud Access Manager datasheet for further details. Leostream Connection Broker Leostream is a remote access and virtual machine management platform for on-premises and cloud hosted desktops. Leostream pools control the capacity and power state of VDI instances hosted in the public cloud, ensuring adequate VDI instances are available based on user demand while minimizing compute costs. Leostream integrates with a variety of multi-factor authentication systems, providing secure access to hosted environments. Leostream is agnostic to the platform, display protocol, and remote and client operating systems, allowing organizations to satisfy any user need, managed and accessed from a single pane of glass.

Azure Windows Virtual Desktop Windows Virtual Desktop provides both desktop and application virtualization services from the Azure cloud. WVD is ideal for multi-session Windows 10 workloads with optimizations for Office 365 and Remote Desktop Services (RDS) support for legacy systems (both client and server). Deployment and management can be accomplished through Azure PowerShell and REST interfaces to configure pools, groups, users, and publish resources. No additional gateway is necessary. Integrated diagnostics, role-based access controls, and automated session management reduces the load on production IT groups. WVD functions differ from Teradici and similar hosting protocols by additionally providing application-level publishing rather than just pixel-streaming of the entire desktop session. This enables corporate

ON-PREMISES

PUBLIC CLOUD VIRTUAL

WORKSTATIONS

PUBLIC CLOUD

USERS IN ANY REGION

ONSITE USERS DOMAIN CONTROLLER

RADIUS (Optional)

VPN

CLOUD ACCESS CONNECTOR

Teradici

PCoIP EstablishmentPCoIP ConnectionManagement Plane

Cloud Access Software

Adobe Best Practices Guide 7

IT to provide individual applications and resources to end users without creating an entire virtual environment, leveraging the host OS and hardware already in place. For example, a CRM tool that is centrally hosted but only runs in Azure, yet works exactly as a local app. This is particularly useful in non-latency sensitive scenarios such as asynchronous workloads (e.g. back office apps) that are transaction-based instead of I/O-sensitive. Certain graphics applications, production tools (schedulers, scripts, payment processing, etc.) and knowledge-worker tasks (email, documents, …) are appropriate. While bandwidth- and latency-sensitive applications such as video editing and animation could run in this scenario (or could run in a dedicated VDI VM streamed to the remote client), issues such as frame accuracy, color consistency, and audio processing make it potentially less appealing for production purposes. WVD does, however, address users’ requirements for workloads that don’t depend on just GPU systems with high I/O thresholds and extended memory, and will provide a much more cost-effective deployment model for the diverse user community that supports most productions today.

Workflow Considerations Where is my media? If your media is already in the cloud, it doesn’t necessarily mean that it is going to be edit-ready. To get the ROI you want from VDI production, make sure it is in the right region, on the right tier of storage and most importantly visible and accessible to the user. This can be managed either through custom architecture, or by using a number of the third-party cloud storage vendors.

Where is my team? Just because you want to edit in the cloud doesn’t necessarily mean you can. Users need to be within a certain physical distance from a datacenter to get a minimum viable experience. If you have a team in Europe accessing media that is actually on the West Coast of the US, the users will, possibly, not have an enjoyable or productive experience… light travels fast, but it can only travel so fast! In some cases, it might make sense to architect cross-region replication in the cloud or even use a tool to transfer media between the two locations. However, it is worth highlighting that moving media between regions is very fast in Azure but will result in inter-region egress costs depending on your agreement.

What are my codecs? Codecs have an important impact not just on the performance but also the financial viability of editing in the cloud. The difference in infrastructure required for editing multiple streams of 4k 60FPS footage is vastly different to that of a proxy edit workflow; you will need higher performance storage, higher performance virtual machines, greater storage capacity and faster network speeds. It is important to consider whether what was done on-premise needs to be replicated in the cloud, therefore, or if a ‘cloud ready ’version of the media would suffice for the workflow. Note that Premiere Pro’s proxy and reconform workflow is a great option for reducing the costs and improving the user experience. See this document for more information.

Adobe Best Practices Guide 8

What are my collaboration (Project Sharing) needs? If collaboration is a key part of the edit workflow, then Adobe Team Projects can be utilized to allow multiple users to easily share and collaborate on Premiere Pro and After Effects projects. Couple Team Projects with a proxy workflow, and you have a great set of tools for collaborating across multiple cloud regions or between on-premises and the cloud, reducing egress charges, storage size and speed to edit with reduced upload times. Adobe Team Projects also provides a great workflow for when you are working in the cloud on the proxy version and then you want to relink to the full res version on premise to see it on a broadcast monitor.

What hardware do I need (Wacom, third monitor)? What on-premise physical appliance do you need in order to edit? Many simple solutions, such as Wacom tablets and second monitors, are configured to use with cloud virtual machines today, but requirements such as a third ‘confidence ’monitor, 5.1 audio and other bespoke USB interfaces are either not possible at present or require bespoke configuration. To create a user experience comparable to an on-premise workstation may require hardware drivers that allow fine-tuning of responsiveness based on network latency.

How many users (growth, temporary, etc.) do I have to worry about? Whilst the number of users that can edit in the cloud is theoretically infinite, businesses still need to design their cloud infrastructure with the same consideration that they take when deploying an on-premises edit facility. Central to that thinking is being conscious that it is still vital to ensure your storage is specified to match the workflow requirements - i.e., if there are 20 users, all accessing multiple streams of ProRes HQ, then the cloud storage needs to be architected to ensure guaranteed bandwidth.

Location of Testing Planning for PCoIP traffic on a public and private network are critical steps in developing a robust design architecture for a creative desktop deployment. A properly designed environment ensures that the PCoIP protocol can deliver the expected experience to your end users, wherever you are located. When you are looking at key considerations for the PCoIP protocol there are some factors that need to be taken into consideration, specifically latency, jitter and taking care of the available bandwidth to the PCoIP agent. This means the ability to guarantee network quality, including being able to provide Quality of Service (QoS), network sizing and minimize packet loss. Each of these factors has an impact on the desktop experience for the user. To help understand this let’s look at each of them and see how these can impact the user: Latency and Jitter These two issues are really linked together, as when you have high latency you will see a UDP network protocol (what PCoIP uses to transmit its data over) will drop packets rather than ask for re-sending

Adobe Best Practices Guide 9

(which is what a standard TCP protocol will do). What this means is that if you get dropped packets, you will see the desktop not updating or slowing down. The PCoIP protocol Is very susceptible to latency and the recommendation is to keep it down below 250ms round trip time from the client to the virtual machine in the cloud. If you are looking for a really good edit experience then somewhere around the 120ms range would be preferable, testing would really help here as performance can be very objective depending on the type of work you are doing. Jitter is another factor which needs to be considered; if you see a jitter on the network of more than ±30ms then you will start to see an inconsistent desktop experience. On the agent connected to virtual edit you will start to see out-of-sync keyboard input to video display, or out-of-sync audio and video, for example. Bandwidth Requirements for bandwidth for the virtual edit desktop is another key factor. As a virtual edit desktop has typically more movement than a normal desktop and PCoIP only sends the pixels that are changing on the screen, you need to plan for that. In addition to this, screen resolution, monitor count, video use, and audio in the environment will also impact bandwidth requirements to the PCoIP agent. It’s not just the video requirement but also audio and USB devices that need to be considered. To get started in sizing, we typically reserve 10% of total bandwidth off the top for non-view high priority traffic such as VoIP if required; of the remaining bandwidth, we try to guarantee up to 80% for PCoIP. Here’s an example for calculating bandwidth for PCoIP: assume 20 concurrent users in the ‘Creative Desktop profile doing 1920 X 1080, 30fps . We will need about 10 Mbps per session on average but with a minimum burst for a video desktop user of about 50mbps. The calculations below show: 10 Mbps * 20 = 200Mbps 200 Mbps represents 80% of our total available bandwidth after reserving 10% for VOIP, we have to add 20% to 200 Mbps. 200 Mbps + 20% = 240Mbps If 20% (40Mbps more in this case) is not sufficient for your web and other application traffic, add more. Finally, add our 10% for VOIP and other high priority traffic. 240 Mbps + 10% = 264Mbps We need 264 Mbps of bandwidth at a minimum to support these 20 Creative Desktop users. Now add in audio at the default 500kbps for 20 users for an extra 10 Mbps. Then, factor in bursting for PCoIP (500kbps or 1 Mbps per session). Let’s assume that not all users will burst at the same time – maybe 20% of our users will concurrently burst by 1 Mbps.

Adobe Best Practices Guide 10

We also need to look at bursting for video as well. For a 30fps workload this is typically 45 Mbps, so 40% of users will burst which is 360 Mbps So, Audio 1 Mbps and Video 360 Mbps = 370 Mbps Thus, the preferred total solution bandwidth looks like this: 264 Mbps PCoIP, Web, VOIP, and general WAN traffic + 10 Mbps for PCoIP Audio + 370 Mbps for Video PCoIP burst --------------- 644 Mbps to support 20 Creative Desktop Users or 33mbps per Creative Desktop. Clearly, a Creative Desktop PCoIP enterprise solution can demand a decent amount of bandwidth for creative users. These requirements must come into play when deciding if users can work from home and planning office networks. Also, be clear that when you overlay bandwidth requirements and limitations around latency and jitter with the demands of a creative application means that enterprise network planning becomes very important. With basic connectivity decisions and sizing done, we will now briefly look at other architectural design elements important to Creative Desktop environments in an enterprise environment. Firstly, consider any technologies in the path of PCoIP traffic between View Clients and View Security/Connection servers. That’s because Intrusion Protection Services, WAN Optimization, and VPN devices can all cause packets to be dropped, re-ordered, or delayed. If you do, for example need to use VPN to connect to your PCoIP client then there are a couple of things that you can do to improve the performance of the connection:

• If a VPN is used, confirm that UDP traffic is supported (IPsec, or Datagram Transport Layer Security (DTLS) enabled SSL solutions).

• Do not route PCoIP traffic through TCP-based SSL tunnels. • Avoid VPN overhead. If possible, consider a VPN-less secure remote access solution that

supports the PCoIP protocol. • Use Quality of Service (QoS) Pre-Classify if CBWFQ or LLQ is necessary on the outgoing

interface of the VPN device. • This may not be available on many platforms or in many designs.

To avoid this negative user experience, look at your route-switch environment so as to ensure the correct MTU sizes end-to-end, sufficient buffers, QoS, and WRED configuration to help with congestion on routers. There are a significant number of considerations in these areas. Please review the PCoIP Protocol Virtual Desktop Network Design Checklist from Teradici for specific requirements and PCoIP best practices for network design and configuration. The good news is that with sufficient analysis and planning, there is no reason why you should not have a great Adobe and Azure cloud-based creative desktop experience.

Adobe Best Practices Guide 11

Firewall When deploying Teradici PCoIP it is worth highlighting that there are certain ports that need to be available in order for the PCoIP protocol to be able to communicate between the agent on the cloud workstation and the local client. Within a corporate environment the Cloud Access Connector is conventionally deployed in a DMZ or semi-trusted zone and may be coupled with a reverse proxy to facilitate load balancing These firewalls are highlighted here. Teradici License Server

Teradici License Server Port Port Number

Direction Description

Online License Server TCP 7070 In License Validation Offline License Server TCP 7070 In License Validation

Cloud Access Software The following Ports are required for the Cloud Access Software

Cloud Access Software PCoIP Agents

Port Port Number

Direction Description

Cloud Access Software all PCoIP Agent versions (Standard & Graphics)

TCP 443 In Client Authentication

TCP 4172 In PCoIP Session Establishment UDP 4172 In and Out PCoIP Session Data TCP 60443 In Connection Broker Communication TCP 443 Out Cloud Licensing

PCoIP Management Console Port for PCoIP Devices The information below summarizes the ports used by the PCoIP Management Console to manage PCoIP hardware devices.

Connection Type Port Port Number Description PCoIP Tera2 Zero Client 5.0 or newer with PCoIP Management Console 2.0 or newer

TCP 5172 Management Protocol

PCoIP Tera1 and Tera2 PCoIP Zero Client/PCoIP Remote Workstation Card with PCoIP Management Console 1.x.x

TCP 50000 CMI (PCoIP Control and Management Interface used by the PCoIP Management Console)

The following additional ports are required for the Management Console.

Management Console Version Port Port Number Description PCoIP Management Console all versions

TCP 443 Web Interface

PCoIP Management Console all versions**

TCP 22 SSH connection

PCoIP Management Console 1.x.x TCP 21, 20 FTP connection (for firmware and OSD logo transfers)

Adobe Best Practices Guide 12

Wacom When using a Wacom tablet peripheral device in conjunction with a cloud-based virtual workstation, the PCoIP client should be configured to locally terminate the Wacom tablet as outlined in Cloud Access Software Administrator Guides. This ensures that a highly interactive user experience is maintained, despite the latency introduced by the network connection.

Cloud Infrastructure Considerations

Storage A vital consideration when working in the cloud is the storage. Deciding what type of storage is needed for your workflow is dependent on a number of factors including number of users, bit rate of the codecs, your workflow and the budget you are looking to achieve. Additionally, if you are planning on supporting production teams around the world, you’ll need to consider data replication such as locally-, zone-, or geo-redundant storage services (for business continuity, as well). For virtual editing in the cloud there are really only three options available in the cloud, Azure Blob, Azure disk, and Azure Files storage. Below is a definition of each of these types of storage, and the ideal use cases. Whilst each has benefits, a combined approach will be required to recreate a cost effective and typical on-premises enterprise storage solution.

Azure Blob Storage Azure Blob storage sections data into distinct units (objects). Each object has a small amount of technical metadata and a unique identifier. Azure Blob storage tends to be used to store large amounts of unstructured data and is typically used in the media industry for archiving or backing up assets. Azure Blob has a number of different tiers that can be used depending on the cost and time that is needed to restore the file. As Azure Blob storage is object based it does not have a traditional file system which means that without a third party to simulate the structure of data in object storage, it is not appropriate for Tier 1 edit storage, as it can’t be browsed or searched in the same way creatives are used to when accessing their WIP (work in progress) storage on-premise. Additionally, the read and write speeds from Azure Blob whilst very quick is not very suitable for editing. For this reason, it’s best to consider Azure Blob storage as an excellent and affordable archive or tier 2 that you dip into to retrieve assets, rather than as WIP storage. Azure Disk Azure Disk storage is seen by the virtual machine in the cloud as a direct-connected disk which has high performance, low latency and high bandwidth. Disks are typically used where you do not need to share media between users and you need to have high speed access to the media. You can have single drives connected to a virtual machine or you can have a number of drives connected and then stripped together into one single volume for higher storage sizes and higher bandwidth. It is worth looking at the different speed options that are available to you as they have a different cost associated to them. For editing you are looking at the Standard SSD and Premium SSD options, however you may find for higher speed that from a price performance perspective that a standard SSD in a stripped volume may give you greater speed then a single Premium SSD as well as better performance for editing video.

Adobe Best Practices Guide 13

Azure Files Azure File storage is a no-server, native Azure SMB file share which can be mounted on the Adobe edit machine in the cloud. Azure Files is available in the cloud at varying IOPS and bandwidth ratings; typically, a higher tier of file storage will have sufficient performance for storing and editing a project and, unlike Azure Blob storage, can be mounted on the virtual machine as a SMB share and browsed in a file-based structure an editor will be familiar with using on a SAN. Effectively, Azure files storage can be used to recreate a NAS (Network Attached Storage)-style storage ‘feel’ in the cloud’. It can be expensive, depending on the amount of storage you require, to store a large amount of data in the cloud with sufficient read / write speeds under this approach but proper planning and workflows can reduce this and give excellent functionality for a workgroup of users Like Azure Disk storage, Azure Files has a standard option and a premium option which relates to the size and speed of the share that are available to you, depending on the type of editing persona you are will dictate the type of storage which you will need to use, later on in this document we have a section with suggested storage configurations and where best to use standard and premium file shares. Another feature of Azure Files is Azure File Sync. Azure File Sync is a tool that is deployed on a local Windows Server and allows you to replicate the storage which is in a local on-premise file share to and Azure File Share in the cloud and back again, if designed correctly this can be a very effective way of sharing media between on-premise and the cloud with permissions be replicated between both shares. If looking to deploy VDI in multiple datacenters to 10s of users and user personas, you will need to look at how you can architect and deploy VDI in a way that is scalable, repeatable and robust. Therefore, a hybrid approach to storage is required for enterprises looking to wholly move media production to the cloud.

Ingest Of Course, performing editing and video rendering requires high-speed access to large volumes of data, ranging from original camera files to proxies and libraries. Most of this data resides on-premises in production company servers, NAS devices, or local studio datacenters. Effectively editing content in the cloud requires proximity to such resources, and this necessitates uploading terabytes, even petabytes, of data into Azure for use by remote artists. Doing so quickly and efficiently can be challenging because of restricted bandwidth availability (or consistency), time (uploading one PB of data over a standard Internet connection would take years), or access to physical devices during a work disruption. Therefore, Azure offers multiple mechanisms for ingesting bulk data into your storage accounts and preferred architecture. The type, amount, and expected use of data will dictate which access method you choose with respect to variants of network upload vs. physical data transport devices. Network-based tools

• ExpressRoute—ensuring high-speed and reliable network service from on-prem filers to the cloud will simplify data migration. ExpressRoute offers dedicated fiber links directly to Azure PoPs and network providers (e.g., Verizon, Equinix) over high-speed private backbones instead of public Internet channels. When combined with site-to-site VPN services, it provides

Adobe Best Practices Guide 14

a highly secure and performant transport. It also takes advantage of available network peering from existing enterprise colos.

• Data Box Gateway—a virtual device based on a VM provisioned in your virtualized environment. The virtual device resides in your premises and you write data to it using the NFS and SMB protocols. The device then transfers your data to Azure block blob, page blob, or Azure Files. This is useful for cloud archival (hundreds of TB), continuous upload, or incremental upload after bulk ingest through a physical Data Box device. See documentation here.

• AzCopy—a command-line utility to copy blobs or files to or from a storage account. AzCopy is a simple and secure tool that can be scripted via REST APIs or PowerShell and used in tandem with Azure Data Factory for data transformation into (or out of) different Azure storage containers.

• Azure Backup—while not aimed specifically at media workloads, this service automates bulk and incremental backups and DR of on-prem volumes to Azure storage.

• Third-party transfer optimizers: companies such as Aspera, Signiant, Media Shuttle, and others provide support for network acceleration and optimization that can significantly improve upload speeds.

Storage devices / hybrid storage

• Azure Import/Export—in addition to Microsoft-supplied Azure Data Box disks (see below), you can configure and load your own physical drives and individually ship to an Azure datacenter location to be securely uploaded to your Azure Storage account. This can be effective for smaller data transfers.

• Azure Data Box—Data Box physical appliances make it fast, secure, and cost-effective to upload medium to large data libraries to the cloud. They range in size from 8TB, 40TB, 100TB, to 1PB, in various form-factors. Devices attach to your existing filers via high-speed USB or LAN and are securely wiped upon upload to your Azure account.

• Azure Stack Edge—Azure Stack Edge is an AI-enabled edge computing device (hardware-as-a-service) with network data transfer capabilities. Microsoft ships you a cloud-managed device with a built-in Field Programmable Gate Array (FPGA) that enables accelerated AI-inferencing and has all the capabilities of a network storage gateway and preprocessor. Edge offers disconnected upload scenarios and continuous secure upload.

• StorSimple—offers both physical and virtual appliances to automate data archive from on-premises to Azure and improve disaster recovery, security, and compliance.

• Azure Stack—Stack is a portfolio of products that extend Azure services and capabilities to your environment of choice—from the datacenter to edge locations and remote offices, enabling hybrid and edge computing applications to run consistently across location boundaries. Stack is intended for mature enterprise environments that wish to fully integrate operations from on-prem to Azure cloud, including hybridized data storage and transformation.

However, if you are working with limited media, or on a project-by-project basis, then a UDP transfer tool will be a better option for getting the media into the cloud, as the media can then be downloaded to the local Virtual Machine or uploaded to a mounted piece of Block or File storage (see above).

Adobe Best Practices Guide 15

Virtual Machines Azure Virtual Machines are cloud based compute resources which come in a number of different sizes and costs depending on the workflow you are looking to deliver. Azure Virtual Machines run a number of different operating systems. To achieve an editing experience comparable to on-premises editing, an equivalent workstation in the cloud needs to be provisioned, including CPU cores, RAM, and graphics cards. Microsoft Azure provides a large variety of VM instance types with different hardware specifications that are not only comparable but exceed the requirements of many expensive on-premises workstations. The instance types tested for this guide are detailed later.

Deploying at scale If looking to deploy VDI in multiple data centers and more than tens of users and user personas then you will need to look at how you can architect and deploy VDI in a way that is scalable, repeatable and robust. This section takes a high-level look at some of the additional tools and considerations needed when deploying at scale. Automation and Imaging The deployment of virtual desktops can be time consuming. Building VDI or a cloud-powered end-user computing platform consists of multiple moving parts and components. For small scale usage, it can often be easier to work directly with a managed service provider, but for enterprise clients looking to deploy at scale and manage their deployments internally, users need to look at ways in which they can template the deployment of both the underlying cloud infrastructure and the applications. At the heart of deploying cloud services is the concept of infrastructure as code. Making the shift from point-and-click to code-led deployments allows enterprises to much better manage and address concerns around scale, a heterogeneous computing context and efficiency. The codification of infrastructure also means an operator can take a programmatic approach to provisioning, and not only remove reliance on error-prone manual practices, in addition it provides a repeatable workflow that delivers consistency, logging, auditing and versioning to help the business gain better insight into the exact and current state of their infrastructure. An automated pipeline delivery provides the following benefits:

● A high level of automation to create optimized infrastructure direct from cloud deployment templates

● Utilization of the pipeline architecture to allow for in-depth testing and review of code before deploying infrastructure

● Built-in approval processes which can allow for builds to be approved by an engineer before building - this can allow for the requester to simply input what they want, and the engineer just has to review and approve

An automated pipeline delivery process also enables repeatable workflows—and by its very nature prevents runtime issues caused by configuration drift or missing dependencies.

Adobe Best Practices Guide 16

Group User Management When deploying at scale it is vital to move away from a one-to-one relationship between client and virtual machine, and start moving toward group management, allowing VM resources to be dynamically allocated. Additionally, deploying at scale means having to cater for multiple user personas… from editors, VFX artist to producers… and where a high-powered GPU machine with pixel-for-pixel representation might be appropriate for a creative, it might be simply overkill for a producer. Therefore, a business might decide an orchestration layer is needed to manage a mix of Teradici and cloud providers managed service solution. Careful virtual machine management and group policies are vital for not only ensuring cloud cost control but also user experience. Another area of consideration is user profiles; when a user logs into a virtual machine it is vital they have a consistent experience regardless of location, ensuring that the right storage is mounted, the desktop and toolbar is in their preferred layout, and their Adobe preferences are present. Storing, managing and orchestrating these profiles are vital when deploying a scale. High Availability When deploying at a global scale, user experience is key; regardless of the applications they are using, if a machine fails the user needs to be able to log back on and continue working ASAP. To achieve this, redundancy and high availability needs to be architected into every area of the cloud deployment, from ensuring there are multiple virtual machines of the same specification available at any one time to access, to a secondary cloud broker and across multiple regions. Whilst a level of cloud design can help with minimizing disruption good workflows, backups, and good practice still apply even in the cloud. For information about reserving Azure instances to reduce costs and ensure availability, see this page.

Tested Configurations While developing this guide, Adobe and Microsoft selected Azure configurations to meet the needs of three typical user personas: News/Sports, Creative, and Promo. Separate VDI instance types and storage options were chosen to support the needs of each persona. Although testing was not exhaustive, testers verified that typical workflows and content for each persona could be performed without issue using the targeted tools in the VDI and that media played back without dropped frames. As Adobe Creative Cloud applications support GPU-based acceleration, Azure NV and NVv3 series virtual machines are recommended. Although Adobe Creative Cloud applications all work and are supported on all NV and NVv3 series virtual machines, the needs of specific scenarios will drive the choice of specific SKUs. The primary difference between NV and NVv3 is that NVv3 supports premium storage. All GPU-optimized virtual machine sizes are listed here.2 Both families feature NVIDIA Tesla M60 GPUs and Intel Xeon E5-2690 CPUs running at 2.60 GHz. The NV Series processors are v3 (Haswell), while the NVv3 series use v4 (Broadwell) variants of the E5-2690.

2 Note that a “vCPU” is equivalent to one half of a core in a hyperthreaded physical workstation. (i.e. one physical core is roughly equal to two VCPUs in terms of processing power).

Adobe Best Practices Guide 17

User Personas News / Sports / Simple Edits This user creates very simple edits. Content is typically two video layers and lower third. Common effects include quick color correction, scale/transform and speed. Content makes heavy use of still images (PNG and JPEG).

Tested footage type: 1080i60 Tested codec: XDCAM-50 Tested applications: Premiere Pro (primary), Audition Estimated disk bandwidth required per simultaneous user: 170 Mbps Tested Azure Instance type: Standard_NV6

Creative This user has a typical Adobe creative workflow centered around Premiere Pro, where any Creative Cloud app may be used in the creative process. A typical timeline contains 2 video, 2 graphic, and 4-8 audio tracks.

Tested footage type: 1080i60 and UHD60i (3840x2160) Tested codec: DNxHD 145 and DNxHR SQ Tested applications: Premiere Pro (primary), After Effects, Audition, Photoshop, Illustrator Estimated disk bandwidth required per simultaneous user: 158 Mbps / 295 Mbps Tested Azure Instance type: Standard_NV12s_v3 and Standard_NV24s_v3.

Promos This group creates graphics for other groups within the organization using brand guidelines created by Marketing. This group typically needs the highest performance systems by far, as render times are critical. They are mostly creating in After Effects, using high fidelity codecs that are designed for compositing, not real-time playback.

Tested footage type: 1080i60 and UHD60i (3840x2160) Tested codec: ProRes 422 HQ, ProRes 4444 Tested applications: After Effects (primary), Photoshop, Illustrator Estimated disk bandwidth required per simultaneous user: 1120 Mbps / 4735 Mbps.3 Tested Azure Instance type: Standard_NV24s_v3.4

3 Note that real-time playback of multiple streams of this footage, especially at UHD, would require a custom storage solution that is beyond the scope of this guide.

4 Users with especially complex After Effects compositions may want to consider Standard_NV24s_v3 instances for faster render times, as they have twice the RAM, SSD storage, and uncached disk throughput. When optimizing After Effects render performance, CPU Clock Speed and amount of RAM are often the most important factors to consider. GPU capabilities and number of VCPUs are less important in most After Effects configurations. Conversely, a Standard_NV12 instance may suffice for other users.

Adobe Best Practices Guide 18

Tested Configuration Details Common configuration Operating System Microsoft Windows 10 Pro version 1909, OS build 18363.7525 Drivers NVIDIA Tesla M60 Driver 442.06 NVIDIA GRID 10.1 (442.06) Teradici PCoIP Graphics Agent 20.01.2 Application Software (within VDI) Adobe After Effects 17.0.5 Adobe Audition 13.0.4 Adobe Creative Cloud Desktop 5.1.0.407 Adobe Illustrator 24.1.1 Adobe Media Encoder 14.0.4 Adobe Photoshop 21.1.1 Adobe Premiere Pro 14.0.4 PCoIP Client Software Teradici PCoIP Client 20.01.0 Cache, Scratch Disk, and other application settings Limiting the access to your Teradici hosts is best to be done on a subnet or IP basis. That same security group can be attached to each of the edit in the could hosts, and easily updated instantly. This will add a consistent access posture for your end users. Performance Settings Premiere and After Effects both offer a number of preferences and project settings to control where data is cached. The best location for these in a VDI environment will depend on your specific workflow and priorities. For the best playback performance, you will want to store all of your media caches on the SSD drive attached to your Azure instance. Each Azure NV series machine comes with a second temporary drive, whilst useful this drive has a few drawbacks. First, the contents of this drive are erased every time you stop your instance. If you manage costs by automatically stopping instances that are idle, Premiere and/or After Effects will need to regenerate these files each time you restart the instance.6 This can be time consuming for large projects. If you move between multiple instances, or collaborate with other

5 If you must use Windows Server instead of Windows 10, it will most likely work as well, but is not officially supported by Adobe for Creative Cloud applications at the time of this writing. In limited testing, the application versions tested in this guide performed without issues on Microsoft Windows Server 2019 Datacenter version 1809, OS Build 17763.1098. It was necessary to disable the “IE Enhanced Security” feature to install Creative Cloud Desktop in that environment. 6 You could work around this limitation by creating an automated solution to copy files to and from the SSD when an instance is started and stopped, but that is beyond the scope of this guide.

Adobe Best Practices Guide 19

editors, the same files will need to be generated anew on each instance. You can get around this by adding a second Azure disk to your deployment which will be attached to your virtual machine. Each time you stop the machine this data will stay on the disk for the next time you power up. If you do not want to add a second Azure Disk which has a cost, you could accept the default cache settings, which will store these files on your C:\ drive. While not as fast as the SSD, the C:\ drive has the advantage that its contents are not lost when the instance is stopped. As with the option, however, the files will need to be independently re-generated by each collaborator and on each VM you move to. If you are working in a shared environment then, the best option is to store them on a shared drive that is visible on all instances and to every collaborator. This requires that the shared drive is (a) writable, and (b) has the bandwidth and the IOPS as project files need fast sequential access to accommodate the additional media read and write operations. The settings to adjust based on your chosen caching strategy are: Premiere Pro Preferences / Media Cache / Media Cache Preferences / Media Cache / Media Cache Database Project Settings / Scratch Disks / Captured Video Project Settings / Scratch Disks / Captured Audio Project Settings / Scratch Disks / Video Previews Project Settings / Scratch Disks / Audio Previews After Effects Preferences / Media & Disk Cache / Disk Cache Preferences / Media & Disk Cache / Conformed Media Cache / Database Preferences / Media & Disk Cache / Conformed Media Cache / Cache Preferences / XMP Metadata / Write XMP IDs to Files on Import An additional preference to consider when using shared storage with Premiere Pro is Preferences / Audio / Automatic audio waveform generation. Disabling this preference may improve playback performance from shared storage when Premiere is generating audio waveforms for any of the connected users. Project sharing If the same project file or Team Project must be opened on multiple systems, you will also want to override the following paths to point to a shared drive. This will prevent CC Libraries downloads and certain Motion Graphics Templates from being usable only on the system where the project was created. These two directories do not have the same performance requirements as the ones mentioned previously, and the files are generally small. If you do not have a shared, writable media drive, you may want to set these directories to a shared Creative Cloud Files, Dropbox, or similar synced file service directory. Premiere Pro Project Settings / Creative Cloud Library Project Settings / Motion Graphics Template Media

Adobe Best Practices Guide 20

Finally, when playing UHD or other greater-than-HD-resolution media in Premiere Pro, set the Source and Program monitors to play back at ½ size or less to avoid dropped frames during playback (this is the default for these resolutions). Tested Persona Configurations News/Sports/Simple Edits The workflow for this persona was tested on a Standard_NV6 instance type, using Azure File Storage. The Standard_NV6 instance provides 6 vCPUs (equivalent to 3 physical cores), 56GB of RAM, 340GB of temporary SSD storage, and 1/2 NVIDIA Tesla M60 GPU. Users wanting more RAM, cores, GPU memory, etc. may consider the Standard_NV12 or Standard_NV12s_v3 as alternatives. Creative The workflow for this persona was tested on a Standard_NV12s_v3 and Standard_NV24s_v3 instance types, using Azure Premium File Storage. The Standard_NV12s_v3 instance provides 12 vCPUs (equivalent to 6 physical cores), 112GB of RAM, 320GB of temporary SSD storage, and 1/2 NVIDIA Tesla M60 GPU. The Standard_NV24s_v3 provides double these capabilities. These v3 instance types were tested for this guide primarily for their access to Premium SSDs for project and cache storage. In addition to providing twice the GPU, RAM, and temporary storage of the Standard_NV12s_v3, the Standard_NV24s_v3 provides twice the maximum uncached disk throughput, which can prevent dropped frames when playing complex UHD timelines. If you are using a high-performance third-party storage solution, or you are only working with HD footage, the Standard_NV6 or Standard_NV12 may be sufficient for your needs. Promo The workflow for this persona was tested on a Standard_NV24s_v3 instance type, using Azure Premium File Storage. The Standard_NV24s_v3 instance provides 24 vCPUs (equivalent to 12 physical cores), 224GB of RAM, 640GB of temporary SSD storage, and a full NVIDIA Tesla M60 GPU. The Standard_NV24s_v3 was tested for this guide, primarily for their access to Premium SSDs for project and cache storage. You may want to consider a Standard_NV12 or Standard_NV6 instead if you are working mostly with HD footage, or have a different storage solution.

Azure Storage Offerings

Azure Storage Type

Type Accessible outside VM

Maximum size Ingest

Azure File Storage

HDD Yes 100 TB | 5 TB (depends on region)

Offline transfer using shippable devices, network transfer

Azure Premium File Storage

SSD Yes 100 TB Offline transfer using shippable devices, network transfer

Adobe Best Practices Guide 21

Azure Standard HDD Disks

HDD No 32 TB Upload from local machine or download from 3rd party solution

Azure Premium SSD Disks

SSD

No 32 TB Upload from local machine or download from 3rd party solution

Azure Standard SSD Disks

SSD

No 32 TB Upload from local machine or download from 3rd party solution

Azure Ultra SSD Disk

SSD No 65 TB Upload from local machine or download from 3rd party solution

Premium and SSD storage disks will offer lower latency at a higher cost. See Azure documentation for latest details. Azure disks typically provide lower latency/higher throughput than Azure files. Third-party service and custom solutions built on Azure may use Azure Blob Storage, a lower-level developer-oriented storage API. Customers have reported that other non-Azure storage providers work as well, including those listed in the “Third Party Workflow Solution Providers” section below.

Security Azure focuses the efforts of thousands of software engineers on security and stability, investing billions of dollars in secure infrastructure, design, and cloud services. These include dedicated security tools that integrate with on-premises solutions (such as SIEM platforms, VPN gateways, authentication systems, and more), platform components (such as Active Directory and Key Vault) and integrated Azure products (such as Security Center). In addition, Azure employs a comprehensive approach to security, governance, and privacy which guarantees customer data integrity on the cloud platform. Azure has assessed and certified to over 90 industry compliance standards, including those targeting the M&E community (MPAA, CDSA, DPP, and FACT), as well as Major Studio guidelines for content protection (which are available from your enterprise solution architect). These solution guides and templates will help you accelerate the deployment of workflows supporting secure cloud-based editorial, rendering, asset management, and VDI. Microsoft partners also provide turn-key solutions for secure remote workstations supporting these scenarios (see Fully Configured Cloud Production Services listed below). The diagram below highlights some of the tools, services, operations, and processes that Microsoft uses to secure the Azure cloud platform, as well as those which customers can use in their own cloud environments to deploy content-protection mechanisms.

Adobe Best Practices Guide 22

For full product documentation and detailed guidance on deploying secure infrastructure, please review the following:

• Microsoft Trusted Cloud o Overview of Microsoft Cloud Security Products

• Services implementation o Azure Bastion - Private and fully managed RDP and SSH access to your virtual

machines o Azure Firewall - Cloud-native network security to protect your Azure Virtual Network

resources • Policy management

o Azure Policy - create, assign, and manage policies. o Media blueprint sample - a set of governance guard-rails using Azure Policy that help

towards Media attestation • VPN

o Azure VPN Gateway

Licensing Considerations VDI Teradici PCoIP offers per-user annual licenses with unlimited usage. At the time of this writing, the Cloud Access+ offering is most appropriate for the tested configurations.

Adobe Best Practices Guide 23

As an alternative, Azure Marketplace images are also available that include a pay-per-use PCoIP license. These do not require an advance purchase or commitment but can exceed the annual license cost if used heavily. Adobe CC Each VDI user must have a valid Adobe ID and Creative Cloud license. Third-Party Fonts Check with font vendor(s) about running in the cloud. Plugins Check with your plug-in vendor(s) about running in the cloud. Cloud Broker software Teradici Cloud Access Manager license is included with PCoIP license. Leostream charges a separate, annual, per-user license.

Third Party Workflow Solution Providers There are many options to consider when setting up a VDI environment. The simplest is to start with a Marketplace image from Microsoft and install Creative Cloud and other components manually. Larger enterprises often require more complex solutions. Below are a number of well-respected companies that can help create or be part of the best solution for your company. Bespoke Solutions / Systems Integration Microsoft Azure Solutions Consultants Moov-IT Qvest Media Cloud Support Partners Fully Configured Cloud Production Services BeBop Technology StratusCore Collaboration/Review & Approval Helmut Lookat.io Wipster Shared Cloud Storage EditShare NetApp Nexis Cloudspaces (Avid) SNS (Studio Network Solutions) Tiger Technology

Adobe Best Practices Guide 24

High Speed File Transfers Filecatalyst IBM Aspera Signiant Media Asset Management Solutions Dalet eMAM Evolphin IPV Media Central (Avid) Adobe’s Partners are not limited to the companies listed in the above section. See the Adobe Video & Audio Partner Finder for additional third party solutions.

References Adobe Adobe Team Projects Adobe Technical Support boundaries for virtualized and /or server-based based environments Adobe Video & Audio Partner Finder Creative Cloud Product description and limitations Creative Cloud Terms of use Using Proxies in Premiere Pro

Microsoft Azure Backup Azure Bastion - Private and fully managed RDP and SSH access to your virtual machines Azure Cost Management and Billing Azure Data Box Azure Data Box Gateway Azure ExpressRoute Azure Firewall Azure Import/Export Azure Policy - create, assign, and manage policies. Azure Reserved VM Instances (RIs) Azure Stack Azure Stack Edge Azure Stack Edge and Azure Data Box Gateway documentation Azure VPN Gateway Choose an Azure solution for data transfer Get started with AzCopy GPU optimized virtual machine sizes Introduction to the core Azure Storage services Media blueprint sample - a set of governance guard-rails using Azure Policy that help towards Media attestation

Adobe Best Practices Guide 25

Microsoft Trusted Cloud NV-series Virtual Machines NVv3-series Virtual Machines Overview of Microsoft Cloud Security Products Performance tiers for block blob storage Reserved Azure VM Instances StorSimple Hybrid Cloud Storage Windows Virtual Desktop

NVIDIA NVIDIA Enterprise Support

Teradici Teradici Cloud Access+ Teradici Cloud Access Manager datasheet Teradici PCoIP Firewall Settings Teradici PCoIP Protocol Virtual Desktop Network Design Checklist

Glossary Active Directory (AD) - allows network administrators to create and manage domains, users, and objects within a network Bandwidth - refers to the capacity of data a network is capable of transferring from one point to another Connection Broker - a resource manager that manages a pool of connections to connection-based resources such as databases or remote desktops Egress - The act of moving data out of the Instance - a virtual server instance from a public or private cloud network IOPS - Input/output operations per second is an input/output performance measurement for computer storage Jitter - Jitter in IP networks is the variation in the latency on a packet flow between two systems Latency - the delay between data being sent and the action M&E - Media and Entertainment Industry MAM - Media Asset Management, a system for accessing and managing assets Mbps - Megabits per second (Mbps) are a unit of measurement for bandwidth and throughput on a network.

Adobe Best Practices Guide 26

MFA - Multi-Factor Authentication is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence NDI - Network Device Interface protocol to enable devices communicate, deliver, and receive broadcast quality video in a high quality, low latency manner. PCoIP - PC over IP is a remote display protocol that Teradici developed for delivering remote desktops and applications to endpoints Region - Regions are geographic locations in which public cloud service providers' data centers reside SDK - Software Development Kit SRT - Secure Reliable Transport is an open source video transport protocol that optimizes video streaming performance Thin Client - a computer with minimal compute and flash memory used to access VDI VCPU - Virtual central processing unit VDI - Virtual Desktop Infrastructure VGPU - Virtual graphics processing unit VM - Virtual Machine WIP - Work in Progress, used in this document to refer to tier 1 storage Zero Client - a computing device has no local storage ROI - Return of Investment TCO - Total Cost of Ownership Datacenter - a large group of networked computer servers used for the remote storage, processing, or distribution of large amounts of data. QoS - Quality of Service TCP -Transmission Control Protocol is a standard that defines how to establish and maintain a network conversation UDP - User Datagram Protocol used for establishing low-latency and loss-tolerating connections between applications on the internet

Adobe Best Practices Guide 27

WRED - Weighted random early detection is a queueing discipline for a network scheduler suited for congestion avoidance

About Support Partners Support Partners is the media industry's leading cloud specialist, helping to design, deploy and support innovation in the cloud. With over 15 years’ experience supporting and guiding the world’s largest media organizations in Broadcast, Advertising, Publishing, Sports and Post-production, we know what it takes to accelerate innovation in media production. We also work closely with the world’s leading technology platforms to transform how media is created, stored and distributed: go to https://www.support-partners.com to find out more.

This Document was prepared by Adobe Inc. and Support Partners in cooperation with Microsoft, Teradici and Leostream.